2912 matches found
Security Bulletin: Multiple vulnerabilities in Eclipse Jetty affects IBM Rational Functional Tester / DevOps Test UI
Summary There are vulnerabilities in Eclipse Jetty used by Rational Functional Tester RFT / DevOps Test UI Test UI. RFT/Test UI has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists a security vulnerability in Jetty's ThreadLimitHandler.getRemote...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the API request handlers due to insufficient validation of user-supplied input. An attacker can cause the plugin process to crash by sending a specially crafted HTTP request to the PR...
Improper Validation of Specified Index, Position, or Offset in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Index, Position, or Offset in Input via the legacy GridFS file reader API. An attacker can cause a crash or leak process memory contents by supplying crafted documents with malformed file metadata to the...
Improper Validation of Unsafe Equivalence in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Unsafe Equivalence in Input in the CXF-RS or CXF-SOAP endpoints due to missing inbound filtering via setInFilterStartsWith. An attacker can execute arbitrary code and write files by injecting Camel-internal header...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal due to the improper validation of annotations from org.opencontainers.image.title in pullArtifact methods in Registry and OCILayout. An attacker can manipulate this annotation to create a path that escapes the output...
Improper Validation of Array Index
Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q16-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...
Improper Validation of Array Index
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Improper Validation of Array Index
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q16-HDRI-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Improper Validation of Array Index
Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Improper Validation of Array Index
Overview Magick.NET-Q8-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q8-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Improper Validation of Array Index
Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...
GHSA-363W-HVWH-W7M6 Budibase: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API
Security Advisory: CouchDB Reduce Injection via Unsanitized Calculation Parameter in V1 Views API Affected Software: Budibase Affected Component: packages/server/src/api/controllers/view/viewBuilder.ts, packages/server/src/api/routes/view.ts CWE: CWE-94 Improper Control of Generation of Code...
BIT-GITLAB-2026-1184 Deserialization of Untrusted Data in GitLab
GitLab has remediated an issue in GitLab EE affecting all versions from 11.9 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by uploading a specially crafted file due to improper validation...